75bab6c09838ee7212776c0a4a3af7cd2074ae3ad623271651769e35cbc92c12 | Triage

Sharing

General

Target

75bab6c09838ee7212776c0a4a3af7cd2074ae3ad623271651769e35cbc92c12
Size

2.2MB
MD5

5bf94f6e7eb79d962ac0fb20818c732e
SHA1

fe70a7442736f2125eb0e4845b25e2dd1b214e4c
SHA256

75bab6c09838ee7212776c0a4a3af7cd2074ae3ad623271651769e35cbc92c12
SHA512

d60e8338d9244a5f949bb52a851399cd3f2416578f3444a3abff316d63b92041b15105d4562aa3d4c780e37fbf4107064b325b3fce8a1018a751e6c0c081d4c4
SSDEEP

49152:vUj2SJkoy8kQqwaGKcLiLNvaYd1dYK47WrN0q0iEk:xSJaMajcLiLhaA1yJJq0O

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75bab6c09838ee7212776c0a4a3af7cd2074ae3ad623271651769e35cbc92c12

Files

75bab6c09838ee7212776c0a4a3af7cd2074ae3ad623271651769e35cbc92c12
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 29KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ